Metamask extension accounts HACKED w/o keys?

Interesting.
But how do you manage to get in contact with them?
Concerning reclaim crypto, is it a legit and serious company ? Do they give you any insurance on the results ?

Same thing happened to me on 7/7, accept my phone died right after importing my wallet, so I was completely off line when it happened to my account. Iā€™m also having an issue of every wallet linked to my MM account, when trying to import my wallet to a different platform, I get invalid seed phrase, bar code gets same results. And I had just opened the metamask 3 hrs before the same day

21st August , Around 58K USD of crypto were siphoned from my Metamask chrome extension and got transferred to hackers wallet.

2 wallets connected to Metamask were hacked

I was completely shocked and devastated. How did it happen , was their a Metamask breach , as I didnā€™t click on any phishing email or website. The funds were sitting for last 2 months and suddenly it was gone. Iā€™m not sure what to do.

I lost ETH Woo Link SXDT around 58-59K USD

Welcome to the party pal! Noā€¦sorry to hear. Same happened to me 5 weeks ago.
Nearly the same amountā€¦stripped out all the LP making divs on biswap and coinswap and PCS syrup pool. I bet some pretty nasty thoughts were going through your head.
A hammer would make it difficult for a hacker to use a mouse and keyboard to carry future cyber crimes.
Were you interacting with many farms? Signing contracts and then not using Un-rekt to cancel these old dead shitfarms?
The only thing you can do is add the wallet address to your watchlist in the explorer and be notified by email on ingoing and out going trx of that wallet.
Also leave messages for the hacker to read on the discussion section attached to their walletā€¦some people get their money back.
Try reclaimcrypto.

1 Like

I have registered with reclaimcrypto but didnā€™t get any response. Left a comment over Etherscan also

Did you have a ledger attached to your Metamask wallet? Signing transactions?

No man. My life is going into sinkhole right now

What do you use now? I just lost $28,000 to a scam in a telegram chat pretending to be an admin for Dinoswap

Today I found out that my metamask wallet was drained 72 days ago.
Iā€™m fairly IT savvy, security conscious and my seed was on an offline hardware encrypted usb. I think I accessed that metamask wallet only 3 times in 631 days from what I consider to be fairly secure environments. Iā€™m quite confident there is no malware / keyloggers and Iā€™m certain that I would not have fallen for a phishing attack.

I have never used Uniswap ever, and I am at a loss how my metamask account was compromised. I wonder if there is a vulnerability either within the HEX smart contract that this wallet only ever interacted with or with the metamask wallet itself that has enabled someone to drain the account.

It makes me wonder if the hackers are using some kind of brute force technique on wallets.
Random generator algorithms on seed phrases. Checking as many wallets as they can and hitting the jackpot every now and again.
If so. Metamask needs to take a bite of that shit sandwich.

1 Like

I think the key takeaways here are.
Dont leave large bags of anything in your metamask wallet.
Get active with sending your profits to a Ledger. Yes it will cost more.
Use a Ledger to sign transactions. Yes it will take more time.
Use un-rekt frequently. Yes it will cost more.
Only interact with Dapp platforms listed on Dappradar.
Always bookmark the Dapps

0x077d360f11d220e4d5d831430c81c26c9be7c4a4 same address which has my funds.

update: this appears to be ChangeNow official address and it appears the way the attacker is exiting. ChangeNow have said that they will co-operate with any proper law enforcement process served on them.

"Here is their response when asked about this. Please do let us know here if anyone is able to successfully get a law enforcement intervention or intercept to This ChangeNow address:

We would be happy to cooperate on any investigations and provide necessary information. For that, we would kindly ask for an official inquiry from authorized government authorities, typically law enforcement agencies, of the local jurisdiction. We would also like to ask that this request:

  • is addressed specifically to our exchange service - ChangeNOW;

  • clearly outlines the requested information regarding transactions, addresses, and other relevant details, all listed in the request itself;

  • has signatures, stamps, and other relevant insignia verifying the authenticity of the requesting body or official.

We also understand that it might be difficult to get a request in the English language from local authorities in countries where English is not an official language, and we would gladly accept a translation thereof. As soon as we receive such a request, we would gladly cooperate and share all the information we are asked for.

Email law enforcement material to

Support[at]changenow[dot]io

I believe that Debank is not legit. Why? Because when you go to Profile / Approval if you click on Decline you are requested to provide permissions to Debank (?) to manage your spend limit in your wallet

Same thing happened to me 3 hours after opening a metamask account, imported my wallet, 15 minutes later my phone died so I was completely offline when they emptied my wallet. I personally think the metamask platform itself is compromised. Also every wallet that I linked to my metamask account all have invalid secret phrase when I try to import my wallet to a different platform, 12 words and bar code scan both come back as invalid. So Iā€™m sure the funds I have in those wallets is as good as gone as well. This is a company that operates online bringing a service to consumers, just because crypto itself ainā€™t regulated, that doesnā€™t mean that the company providing the service, tool, and or platform to consumers donā€™t have regulations they have to follow. Iā€™m sure if enough of us get together we could probably file a class action suit against metamask for all the financial losses we all have experienced as a direct result of using their platform, the fact that itā€™s crypto shouldnā€™t matter, just the fact that they operate online affords us some sort of protections I believe. And I see this is a regular thing happening on metamask. All my wallets not connected to metamask Iā€™ve had absolutely no issues with, only the wallets that are linked to metamask, so I know itā€™s a platform issue. They canā€™t just telling all of us itā€™s something we did wrong, tell us thereā€™s nothing that can be done and then say that the issue is closed, be more careful next time, and Iā€™m not seeing this happen to this extent on any other platforms. Thereā€™s got to be something that can be done, if itā€™s their platform itself enabling this to happen, then they are responsible, and need to be held responsible.

Like you I also want answers. I would be in a class action if more evidence was there.
There is a reason why Ledger integrated with Metamask 24 months ago.
I follow some big crypto farmers and reached out to find their opinions.
Holding the keys out of the Metamask wallet seems to be the solution.
Signing all transactions with Ledger seems to be the solution.
You need Metamask to interact with the Dapps, NFTs . To much money to be made. Got to be in it.
With my wallet hack that was strange. The hack came at the bottom of the BTC low.
BTC low was about 6 weeks ago. It was like they were watching market movements and said now we empty the wallet and farms I was in.
The first Metamask wallet I ever created was January 2021 made nearly 50K.
I never used Debank or Unrektā€¦so did I download the wrong Metamask wallet??
Maybeā€¦I dont remeber.
Debank or Unrekt not the causeā€¦was it the unlimited spend and connected farms I had been inā€¦I dont know.
As the Youtuber CryptoSlo said ā€œSo many ways to get Rekt in Cryptoā€
The hackers are counting on you slipping up.

This happened to me. Have not shared passwords anywhere and woke up to all my 5 NFTā€™s being transferred out of my opensea .io account.

No notifications that someone had logged into my account so the only explanation is the went into my screen?But how

Hi Justin,

Could you tell me how you manage to get in contact with your hackers?
thx

Same here. $11k+ stolen yesterday after one day in the wallet (iOS mobile). Never given out private keys. Interested to see how this progresses.

Wallet addresses with the stolen funds:
UNI: 0xE536d30a755ecAD2a7Da9c20D986f9Ef93b76c89

ETH: 0xb5F013fDBE1FbB8Ca1f85BEB575E88dc4BED799D

Go to the explorer page of that particular chain.
Put in the wallet address you want to look at.
Bottom of the page. Comments section.Write away.
You donā€™t know if the messages have been read.
If I was a scumbag thief hacker. I would want some free intel.
Maybe get my jollies in a sick twisted kind of way.
Thatā€™s my experience so far.
I received $2 back from the $50K taken from my wallet.

1 Like

1 Day in wallet?..No couldnā€™t beā€¦You must have downloaded the wrong wallet?